QUESTION 16 An SE is preparing an SLR report for a school and wants to emphasize URL filtering capabilities because the school is concerned that its students are accessing inappropriate websites. The URL categories being chosen by default in the report are not highlighting these types of websites. How should the SE show the customer the firewall can detect that these websites are being accessed?

A. Remove unwanted categories listed under "High Risk" and use relevant information. B. Create a footnote within the SLR generation tool. C. Edit the Key-Findings text to list the other types of categories that may be of interest. D. Produce the report and edit the PDF manually.

Answer: A

QUESTION 17 What are the two group options for database when creating a custom report? (Choose two.)

A. Oracle B. SQL C. Detailed Logs D. Summary Databases

Answer: CD

QUESTION 18 A customer is concerned about malicious activity occurring directly on their endpoints and not visible to their firewalls. Which three actions does Traps execute during a security event beyond ensuring the prevention of this activity? (Choose three.)

A. Informs WildFire and sends up a signature to the Cloud. B. Collects forensic information about the event. C. Communicates the status of the endpoint to the ESM. D. Notifies the user about the event. E. Remediates the event by deleting the malicious file.

QUESTION 19 What is the HA limitation specific to the PA-200 appliance?

A. Can be deployed in either an active/passive or active/active HA pair. B. Can only synchronize configurations and does not support session synchronization. C. Has a dedicated HA1 and HA2 ports, but no HA3. D. Is the only Palo Alto Networks firewall that does not have any HA capabilities.

Answer: B

QUESTION 20 How many recursion levels are supported for compressed files in PAN-OS 8.0?

A. 2 B. 5 C. 4 D. 3

Answer: D

QUESTION 21 A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types. The customer believes that someone has clicked an email that might have contained a malicious file type. The customer already uses a firewall with User-ID enabled. Which feature must also be enabled to prevent these attacks?

A. WildFire B. App-ID C. Custom App-ID rules D. Content Filtering

Answer: A

QUESTION 22 Which two components must to be configured within User-ID on a new firewall that has been implemented? (Choose two.)

QUESTION 26 What are three considerations when deploying User-ID? (Choose three.)

A. Enable WMI probing in high security networks. B. User-ID can support a maximum of 15 hops. C. Specify included and excluded networks when configuring User-ID. D. Use a dedicated service account for User-ID services with the minimal permissions necessary. E. Only enable User-ID on trusted zones.

Answer: ACD

QUESTION 27 A price sensitive customer wants to prevent attacks on a windows 2008 Virtual Server. The server will max out at 100Mbps but needs to have 45,000 sessions to connect to multiple hosts within a data center. Which VM instance should be used to secure the network by this customer?

A. VM-200 B. VM-100 C. VM-300 D. VM-50

Answer: D

QUESTION 28 Which variable is used to regulate the rate of file submission to WildFire?

A. Based on the purchase license. B. Maximum number of files per minute. C. Available bandwidth. D. Maximum number of files per day.